The CyberWire Daily Podcast 2.4.25
Ep 2238 | 2.4.25

A wolf in DOGE’s clothing?

Transcript

DOGE’s unchecked access to federal networks sparks major cybersecurity fears. Senator Hawley’s AI ban targets China and raises free speech concerns. Apple service ticket portal vulnerability exposed millions of users’ data. North Korean ‘FlexibleFerret’ malware targets macOS via job scams and fake Zoom apps. February 2025 Android security update fixes 48 vulnerabilities, including exploited zero-day. Grubhub data breach exposes customer and driver information. Abandoned cloud infrastructure creates major security risks. Texas to launch its own Cyber Command amid rising cyber threats. Dell PowerProtect vulnerabilities pose critical security risks. On our Threat Vector segment, David Moulton and his guests look at the potential dangers of DeepSeek. U.S. Government is quietly altering the Head Start database. And a moment of inspiration from a spacefaring poet.

Today is Tuesday February 4th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

DOGE’s unchecked access to federal networks sparks major cybersecurity fears. 

Elon Musk’s Department of Government Efficiency (DOGE) has been given unprecedented access to sensitive federal networks, raising severe cybersecurity concerns. Experts warn that allowing DOGE workers—many young and inexperienced—to plug personal computers into systems like the Office of Personnel Management (OPM) and Treasury Department creates massive security risks, including potential breaches by foreign adversaries.

Experts like Jason Kikta, former U.S. Cyber Command official, say this could be the largest government security breach in history. DOGE has unchecked access to OPM’s background check and clearance records, Treasury’s trillions in payments, and USAID systems. The New York Times also reports Musk aides requested access to Medicare and Medicaid financial systems.

Security professionals highlight the lack of oversight: DOGE workers may be bypassing cybersecurity controls, using unauthorized devices, and storing sensitive data improperly. China and other foreign adversaries are likely watching for vulnerabilities. Experts emphasize that random individuals should not be granted access to federal networks, warning that Musk’s actions may have long-term security consequences.

Senator Hawley’s AI ban targets China and raises free speech concerns. 

Senator Josh Hawley (R-MO) has introduced the Decoupling America’s Artificial Intelligence Capabilities from China Act, which would criminalize importing, exporting, or collaborating on AI with China. The bill would impose up to 20 years in prison and a $1 million fine for knowingly downloading Chinese-developed AI models, such as DeepSeek, which recently surged in popularity.

Critics argue the bill stifles scientific collaboration and threatens free speech. Kevin Bankston from the Center for Democracy & Technology warns it could penalize AI researchers who publish openly, while the Electronic Frontier Foundation says it favors Big Tech monopolies over open AI research. The bill also bans U.S. companies from investing in Chinese AI and criminalizes research partnerships with Chinese entities—potentially disrupting AI development in the U.S.

Though seen as political posturing, bipartisan support for China-related bans suggests legislation like this could gain traction, despite its far-reaching implications.

Apple service ticket portal vulnerability exposed millions of users’ data.

A critical security flaw in Apple’s service ticket portal exposed millions of users’ sensitive data due to a combination of IDOR (Insecure Direct Object Reference) and privilege escalation vulnerabilities. Researcher Virtuvil discovered the issue when submitting a repair ticket and found he could access other users’ service tickets, Mac serial numbers, IMEI numbers, and personal details.

By modifying a URL parameter, he bypassed authentication and gained admin access, potentially allowing attackers to alter repair appointments or access customer databases. The lack of rate-limiting worsened the risk, enabling automated data harvesting.

Apple patched the flaw after disclosure through its bug bounty program, reinforcing authorization checks and implementing rate-limiting. 
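The pattern in this story, as an added illustration that is not Apple’s code and not from the researcher’s report: a ticket lookup that trusts the id in the URL (the IDOR), beside a hardened version that rate-limits and enforces ownership or an admin role taken from the session. Names, roles and tickets are constructed sample data.

```python
# Added example, not from the podcast or Apple: a minimal service-ticket lookup
# showing the IDOR pattern described above beside its hardened form.
# All data and names here are constructed for illustration.
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Ticket:
    ticket_id: int
    owner: str          # account that filed the repair ticket
    serial: str         # device serial number (sensitive)

@dataclass(frozen=True)
class User:
    name: str
    role: str           # "customer" or "admin", taken from the session

# Constructed sample data: two customers' tickets.
TICKETS = {
    1001: Ticket(1001, "alice", "SN-AAAA1111"),
    1002: Ticket(1002, "bob", "SN-BBBB2222"),
}

def get_ticket_vulnerable(user: User, ticket_id: int) -> Optional[Ticket]:
    """IDOR: trusts the caller-supplied id and never checks ownership, so any
    authenticated user who edits the id in the URL sees another customer's ticket."""
    return TICKETS.get(ticket_id)

class RateLimiter:
    """Fixed budget of lookups per user, so bulk enumeration is cut off early."""
    def __init__(self, limit: int) -> None:
        self.limit = limit
        self.counts: dict = defaultdict(int)

    def allow(self, user: str) -> bool:
        self.counts[user] += 1
        return self.counts[user] <= self.limit

def get_ticket_secure(user: User, ticket_id: int, limiter: RateLimiter) -> Optional[Ticket]:
    """Hardened: rate-limit first, then require that the record belongs to the
    caller unless the session role is admin (the role never comes from a request
    parameter). 'Missing' and 'not yours' both return None so the response does
    not reveal which ids exist."""
    if not limiter.allow(user.name):
        raise PermissionError("rate limit exceeded")
    ticket = TICKETS.get(ticket_id)
    if ticket is None or (user.role != "admin" and ticket.owner != user.name):
        return None
    return ticket
```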

North Korean ‘FlexibleFerret’ malware targets macOS via job scams and fake Zoom apps.

A new North Korean macOS malware, FlexibleFerret, is spreading through fake Zoom apps, job scams, and GitHub bug reports. Linked to the ‘Contagious Interview’ campaign, it tricks job seekers and developers into installing it by disguising itself as legitimate software updates.

Discovered by SentinelLabs, the malware uses a dropper to install itself unnoticed, creates fake Zoom apps, and establishes persistence after system reboots. Initially signed with a valid Apple Developer certificate, it bypassed security checks before Apple revoked it.

FlexibleFerret shares code similarities with ChromeUpdate malware but has evolved to evade Apple’s XProtect security tool. 

February 2025 Android security update fixes 48 vulnerabilities, including exploited zero-day.

The February 2025 Android security update patches 48 vulnerabilities, including CVE-2024-53104, a zero-day privilege escalation flaw in the Android kernel’s USB Video Class driver, actively exploited in the wild. This flaw allows local attackers to elevate privileges through low-complexity attacks, potentially leading to arbitrary code execution or system crashes.

Another critical flaw, CVE-2024-45569, affects Qualcomm’s WLAN component, enabling remote code execution due to improper validation of array indexes. Attackers could modify memory, execute commands, or crash devices without user interaction.

Google has released two security patch levels (2025-02-01 and 2025-02-05), with Pixel devices receiving immediate updates, while other manufacturers may take longer to deploy fixes. 

Grubhub data breach exposes customer and driver information. 

Grubhub has disclosed a data breach caused by a compromised third-party contractor account, exposing customer, merchant, and driver data. The breach, linked to unauthorized access within a customer support provider’s systems, prompted Grubhub to revoke access and launch an investigation.

Exposed data includes names, emails, phone numbers, hashed passwords, and partial payment details for some users. However, full payment card numbers, Social Security numbers, and bank details were not accessed.

The incident highlights supply chain security risks, as attackers increasingly target third-party vendors to bypass direct security controls. Grubhub has strengthened defenses, rotating credentials, enhancing anomaly detection, and improving vendor risk management to prevent future breaches.

Abandoned cloud infrastructure creates major security risks. 

A watchTowr investigation revealed that abandoned Amazon S3 buckets—once used by governments, Fortune 500 companies, and cybersecurity firms—still receive sensitive data requests, posing serious security risks. Over four months, researchers took control of 150 neglected AWS assets, which were still being pinged by organizations worldwide for software updates, system configurations, and critical infrastructure files.

Attackers could hijack these assets to launch supply chain attacks, distribute malware, or steal credentials. Examples include an abandoned CISA advisory S3 bucket, which could have been misused to distribute malicious patches, and outdated SSL VPN configurations, allowing attackers to impersonate users.

The research underscores systemic weaknesses in cloud security, emphasizing that abandoning cloud resources without proper decommissioning leaves organizations vulnerable. AWS has since sinkholed the compromised infrastructure, but watchTowr warns that these issues persist across the industry, making neglected cloud assets a growing cybersecurity threat.
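One check a defender can run against the problem this story describes, as an added example and not watchTowr’s tooling: pull every S3 bucket name out of deployed configuration text and flag any bucket that is no longer in the inventory of buckets the organisation still owns, since a deleted bucket name is exactly what a third party could re-register. The config lines, bucket names and inventory are constructed.

```python
# Added example, not watchTowr's tooling: find S3 bucket references in config
# text that are not in the organisation's inventory of buckets it still owns.
# Sample config lines and bucket names are constructed for illustration.
import re
from typing import Iterable

# Virtual-hosted style: bucket.s3.amazonaws.com, bucket.s3.<region>.amazonaws.com,
# bucket.s3-<region>.amazonaws.com.
_VHOST = re.compile(r"https?://([a-z0-9.-]+)\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com")
# Path style: s3.amazonaws.com/bucket, s3.<region>.amazonaws.com/bucket.
_PATH = re.compile(r"https?://s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com/([a-z0-9.-]+)")

def extract_buckets(text: str) -> set:
    """Return every bucket name referenced by an S3 URL in the given text."""
    found = set(_VHOST.findall(text))
    found.update(_PATH.findall(text))
    return found

def find_dangling(text: str, owned: Iterable[str]) -> set:
    """Buckets the config still points at but which are absent from the owned
    inventory. Each one is a candidate for the takeover pattern described above:
    if the bucket was deleted, anyone can re-create it under the same name and
    serve whatever the old clients still fetch."""
    return extract_buckets(text) - set(owned)

# Constructed sample: an update manifest and a VPN profile still pointing at
# three buckets, one of which has since been decommissioned.
SAMPLE_CONFIG = """
update_url = https://acme-prod-updates.s3.amazonaws.com/agent/latest.tar.gz
vpn_profile = https://s3.us-east-1.amazonaws.com/acme-legacy-vpn/profile.ovpn
logo = https://acme-static.s3.eu-west-1.amazonaws.com/img/logo.png
"""
OWNED_BUCKETS = {"acme-prod-updates", "acme-static"}

if __name__ == "__main__":
    for name in sorted(find_dangling(SAMPLE_CONFIG, OWNED_BUCKETS)):
        print(f"dangling S3 reference: {name}")
```

Feed it the real inventory (for example the output of listing your account’s buckets) and the files actually shipped to clients; anything it prints should be re-claimed or the reference removed.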

Texas to launch its own Cyber Command amid rising cyber threats. 

Texas Governor Greg Abbott announced plans to establish the Texas Cyber Command to combat the growing wave of cyber-attacks targeting the state. Highlighting recent attacks on a city, hospital, and business, Abbott warned of threats from China, Russia, and Iran.

Headquartered in San Antonio, the command will anticipate threats, coordinate incident response, and support post-attack investigations. It will also focus on cybersecurity training and awareness. Texas, a major economic and military hub, remains a lucrative target for cybercriminals and nation-state actors. No official launch date has been set.

Dell PowerProtect vulnerabilities pose critical security risks. 

Dell Technologies has disclosed multiple critical vulnerabilities affecting its PowerProtect product line, including Data Domain (DD) appliances and PowerProtect Management Center. These flaws, with CVSS scores up to 9.8, could enable privilege escalation, arbitrary code execution, and system compromise.

Key vulnerabilities include CVE-2024-33871, an arbitrary code execution flaw, and CVE-2024-41110, which impacts Docker’s Moby project. Exploits could allow remote attacks with minimal privileges.

Dell urges organizations to update DDOS to version 8.3.0.0 or later, implement network segmentation, and monitor systems for suspicious activity. 

U.S. Government is quietly altering the Head Start database. 

404 Media examines a quiet but deliberate shift, where software engineers managing a government database for the Department of Health and Human Services’ (HHS) Head Start program have been tasked with systematically removing references to diversity, equity, and inclusion (DEI). The effort, part of a project called “Remove-DEI”, aligns with Trump’s executive orders restricting any mention of race or gender in federal agencies.

The updates, visible in GitHub commits, reveal discussions among engineers on how best to eliminate “forbidden words” from the system. This includes removing the ability to search for or filter programs that support families affected by systemic discrimination. Though thousands of government datasets are disappearing from the internet, even those that remain are being subtly altered—undermining their original purpose without public awareness.

Head Start, which spends $12 billion annually to help disadvantaged children prepare for school, has already faced uncertainty under Trump’s spending freezes. Now, its tracking systems are being stripped of key tools used to evaluate program effectiveness for marginalized communities.

The coding changes were executed by Ad Hoc LLC, a government contractor paid $7.2 million to manage the database. Internal messages show engineers asking colleagues to scan for other “forbidden words” to delete. HHS declined to comment, citing a pause on public communications under the new administration.

These database alterations are part of a larger trend, with over 2,000 datasets disappearing from Data.gov and federal scripts actively removing gender pronouns from employee emails. The erasure of DEI language is happening quietly—but at a sweeping scale.


Coming up, we’ve got our Threat Vector segment. Host David Moulton sits down with Palo Alto Networks’ Sam Rubin and Kyle Wilhoit to explore the vulnerabilities of DeepSeek, a new large language model. We’ll be right back.

Welcome back. You can find a link to the full examination of DeepSeek by David, Sam and Kyle in our show notes.

And finally, we close with a moment of inspiration. Dr. Sian Leo Proctor is an Artist, Futurist, and Explorer whose work bridges the worlds of science, space exploration, humanity, and creative expression. Our T-Minus Daily podcast team caught up with the Inspiration4 astronaut to find out about her journey into space and how it inspires her art here on Earth. As we close today, we offer you her poem that earned her a ticket to space. If you're looking for 'Space to Inspire', then look no further.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.